Displaying 19 results from an estimated 19 matches for "lognewnotsyn".
2003 Aug 12
1
Shorewall Keeps sending false IP Address Conflict
...FW=
+ SUBSYSLOCK=
+ STATEDIR=
+ ALLOWRELATED=Yes
+ LOGRATE=
+ LOGBURST=
+ LOGPARMS=
+ ADD_IP_ALIASES=
+ ADD_SNAT_ALIASES=
+ TC_ENABLED=
+ LOGUNCLEAN=
+ BLACKLIST_DISPOSITION=
+ BLACKLIST_LOGLEVEL=
+ CLAMPMSS=
+ ROUTE_FILTER=
+ NAT_BEFORE_RULES=
+ DETECT_DNAT_IPADDRS=
+ MUTEX_TIMEOUT=
+ NEWNOTSYN=
+ LOGNEWNOTSYN=
+ FORWARDPING=
+ MACLIST_DISPOSITION=
+ MACLIST_LOG_LEVEL=
+ TCP_FLAGS_DISPOSITION=
+ TCP_FLAGS_LOG_LEVEL=
+ RFC1918_LOG_LEVEL=
+ MARK_IN_FORWARD_CHAIN=
+ SHARED_DIR=/usr/share/shorewall
+ FUNCTIONS=
+ VERSION_FILE=
+ LOGFORMAT=
+ LOGRULENUMBERS=
+ stopping=
+ have_mutex=
+ masq_seq=1
+ nonat_seq=...
2004 Jan 13
7
Shorewall 1.4.9
Shorewall 1.4.9 is now available.
http://shorewall.net/pub/shorewall/shorewall-1.4.9
ftp://shorewall.net/pub/shorewall/shorewall-1.4.9
Unless something urgent comes up, this will be the last release of Shorewall
1.x.
Release notes are attached.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2002 Aug 07
0
Re: [Shorewall-users] Common Rules
...oesn't appear
> do a search for "feature in iptables".
>
> It describes a bug in the Microsoft IP stack that can cause these packets.
>
I had code for a while that dropped those ACK FIN packets without
logging them but I decided that most people won't set LOGNEWNOTSYN and if
they do, they deserve to see the whole ugly story.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2003 Mar 11
0
Shorewall 1.3.14a
.../8.
* The documentation for the routestopped file claimed that a
comma-separated list could appear in the second column while the code only
supported a single host or network address.
* Log messages produced by 'logunclean', 'dropunclean' and
'LOGNEWNOTSYN' were not rate-limited.
* 802.11b devices with names of the form wlan<n> don't support the
'maclist' interface option.
* Log messages generated by RFC 1918 filtering are not rate limited.
* The firewall fails to start in the case where you have...
2002 Aug 06
0
Shorewall 1.3.6
...static external IP
addresses and for users who want to learn a bit more about
Shorewall than is described in the single-address guides.
2) Shorewall now drops non-SYN tcp packets that are not part of an
established connection. These packets can be optionally logged by
setting the new LOGNEWNOTSYN variable in shorewall.conf.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2003 Jan 11
1
interesting problem
I have shorewall 1.3.12 installed on a redhat 8 fully patched machine with
three NICs. Eth0 has 10 IP's bound to it and has been successfully routing
web traffic to servers on the dmz.
This morning I added another server to the DMZ, configured my network with
the correct IP, configured dnat in "rules" and restarted both. From a
standalone machine that is
on the same segment
2003 Jan 11
0
[SOLUTION/Summary] ..all my routing / VPN problems.
...in shorewall.conf, as the FW was only seeing "half" the
session between the subnets (Since traffic from .224.0/24 never passed the
LOC interface of the FW, but rather injected directly into the switch), it
dropped the (as it thought) erroneous packages silently (This would have been
seen if LOGNEWNOTSYN had been enabled in shorewall.conf).
Also: I chose to do "echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects"
in the startup of shorewall to prevent the FW from redirecting hosts directly
to the VPN routers. This was done to be able to "enforce" policies in the
FW. (Yes, use...
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
...RFC 1918
/etc/shorewall/shorewall.conf
=======================================================
[root@hn00dmz01 maint]# grep -v -e "^#" -e "^$" /etc/shorewall/shorewall.conf
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/...
2004 Dec 29
5
newnotsyn question
...@felix jack]$ sudo grep -rin newnotsyn /etc/shorewall/ | grep -v \#
/etc/shorewall/interfaces:128:inside eth1 detect newnotsyn
/etc/shorewall/interfaces:129:inside eth2 detect newnotsyn
/etc/shorewall/interfaces:130:inside eth3 detect newnotsyn
/etc/shorewall/shorewall.conf:147:LOGNEWNOTSYN=debug
/etc/shorewall/shorewall.conf:435:NEWNOTSYN=No
These three interfaces are the "inside" zone, eth0 is the Internet.
I haven't found anything relevant by searching the shorewall.net
documentation, but I could certainly take a STFW pointer.
thanks,
--
Jack at Monkeynoodle...
2007 Nov 10
2
Access Point with Ethernet.
...net icmp
ACCEPT net fw tcp 21,25,37,80,110,113,995,1024:3127,3129:65535
ACCEPT net fw udp 37,123,1024:65535
ACCEPT loc fw tcp 25,123,631
/etc/shorewall/shorewall.conf:
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
STATEDIR=/var/lib/shorewall
MODULESDIR=
C...
2005 Apr 19
14
allow ssh access from net to fw?
...T net 22 tcp 22
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
SHOREWALL.CONF:
----------------------------------------------------------------------------------------------
LOGFILE=/var/log/firewall
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/sh...
2004 Nov 08
3
nessusd on shorewall
Hi,
I have shorewall version 1.4.10g on Redhat 9. Local clients are on eth1
in subnet 192.168.3.0/24. eth0 is for the outside (over xdsl which
includes a ppp0 interface).
Nessus (nessusd) is installed *on the firewall* and managed through
nessus (the client or frontend) running on one of the internal machines.
When I was running a scan against 194.152.181.36 I observed several
entries like
2004 Oct 29
8
No entries in the syslog, even though the LOG chains show counts
...nternet, and its firewall is for its own services only.
My shorewall.conf, without comments, is as follows:
$ egrep -v '^( *#)|^$' shorewall.conf
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGLIMIT=""
LOGBURST=""
BLACKLIST_LOGLEVEL=info
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:...
2003 Nov 24
14
New Terminology
There has been a low continuing level of confusion over the terms
"Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all
instances of "Static NAT" have been replaced with "One-to-one NAT" on
the web site and in the CVS configuration files (Shorewall/ project).
The documentation in 1.4.9 will also contain this change.
-Tom
--
Tom Eastep \
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
I have what strikes me as an odd problem with shorewall.
Let me describe my setup.
My desktop (alfred) is connected to the network
through an ADSL modem.
I am running rp-pppoe, and this works perfectly.
I have a small home network, with two LANs;
an Ethernet LAN (including a machine running Windows XP),
and a WiFi LAN, including the laptop (william) I am using now.
All the computers except for
2004 Dec 04
7
vpn-zone wide open
...ipsec0 172.21.0.0/16 all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
------------------------------------------------------
* /etc/shorwall/shorewall.conf
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/...
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops. Can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
...ES=
+ FW=
+ SUBSYSLOCK=
+ STATEDIR=
+ ALLOWRELATED=Yes
+ LOGRATE=
+ LOGBURST=
+ LOGPARMS=
+ LOGLIMIT=
+ ADD_IP_ALIASES=
+ ADD_SNAT_ALIASES=
+ TC_ENABLED=
+ BLACKLIST_DISPOSITION=
+ BLACKLIST_LOGLEVEL=
+ CLAMPMSS=
+ ROUTE_FILTER=
+ LOG_MARTIANS=
+ DETECT_DNAT_IPADDRS=
+ MUTEX_TIMEOUT=
+ NEWNOTSYN=
+ LOGNEWNOTSYN=
+ FORWARDPING=
+ MACLIST_DISPOSITION=
+ MACLIST_LOG_LEVEL=
+ TCP_FLAGS_DISPOSITION=
+ TCP_FLAGS_LOG_LEVEL=
+ RFC1918_LOG_LEVEL=
+ BOGON_LOG_LEVEL=
+ MARK_IN_FORWARD_CHAIN=
+ SHARED_DIR=/usr/share/shorewall
+ FUNCTIONS=
+ VERSION_FILE=
+ LOGFORMAT=
+ LOGRULENUMBERS=
+ ADMINISABSENTMINDED=
+ BLACKLI...